Richwidgets popup_upload and https?

If I set the HTTP security property of a webflow / screen to HTTPS after the initial publish, the screens with popups in them (to the richwidgets popup_upload screen) stop loading - the loading indicator keeps spinning in the popup. If I inspect the generated HTML I see that the url to the screen is http://myserver instead of https://myserver

If I inline edit the HTML the popup works. Richwidgets has the security property of the screenflow explicitly set to none. Could that be the problem?

The only workaround seems to be setting all screens with a link to the upload screen to HTTP security: none, which ofcourse is very undesirable...

The popups and the screens calling them must have the same HTTPS setting. The platform is not smart enough to notice that it is dishing the base page as HTTPS and therefore the link to the popup must be HTTPS as well, so if you leave the popup to "blank" security it will be HTTP on an HTTPS page, and the browser will block it.

The popups and the screens calling them must have the same HTTPS setting. The platform is not smart enough to notice that it is dishing the base page as HTTPS and therefore the link to the popup must be HTTPS as well, so if you leave the popup to "blank" security it will be HTTP on an HTTPS page, and the browser will block it.

The solution is to make the popup explicitly HTTPS as well.

I've complained about this a few times now over the years...

J.Ja

Just adding a note: In a reverse proxy scenario with SSL Offload you should be careful, since OutSystems recomends that all application screens and web flows must have HTTP Security set to ‘None’.

The popups and the screens calling them must have the same HTTPS setting. The platform is not smart enough to notice that it is dishing the base page as HTTPS and therefore the link to the popup must be HTTPS as well, so if you leave the popup to "blank" security it will be HTTP on an HTTPS page, and the browser will block it.

The solution is to make the popup explicitly HTTPS as well.

I've complained about this a few times now over the years...

J.Ja

Just adding a note: In a reverse proxy scenario with SSL Offload you should be careful, since OutSystems recomends that all application screens and web flows must have HTTP Security set to ‘None’.

In that case, this is a non-issue that won't come up in the first place. :)